DorisOnline

Exchange 2003 Message Looping

Hi,
Recently we had an issue where an email was being looped in our Exchange. This caused the bandwidth to skyrocket and slowed the system right down.

We were able to stop the problem by blocking the sender's domain. It then just took a while for the thousands of emails left in the queues to filter out.

Basically what happened was, an email was sent to an address at our domain that didn't exist. Our Exchange responded with a non-delivery report. The address that the original email was sent from also didn't actually exist, so the email got stuck in an endless loop.

Is there a way to stop this happening in Exchange 2003?
SOLUTION
tigermatt
This solution is only available to members.
DorisOnline

ASKER

Thanks for the quick reply tigermatt,

The recipient filtering checkboxes are already checked, on both the message delivery and the SMTP virtual server as we have had this problem before and checked these boxes as a result.

Is there anything else that can be done to stop this?
Did the mail loop keep going on for ever? This is unusual - from what I have seen anyway, loops will tend to stop after a period of time.

If those boxes are already checked, I'm not sure there's anything else to do in order to prevent a mail loop. That's the configuration I use and it tends to be quite successful.
Yes it just continued forever, until we blocked their domain. The looping then stopped and the queues and system speed eventually got back to normal.
Well, there are no other options in Exchange which I can think of enabling to prevent this behaviour. I can't see how Directory Filtering is helping, because it should be closing the SMTP session before any NDRs can even be generated. Strange.
My understanding of the recipient filtering feature as well is that, when their Exchange talks to our Exchange, it says:

"Does this recipient exist in your domain?"

Our Exchange says "No, bugger off" and their Exchange then sends the sender an "NDR" or an "unable to deliver" report. Would that be correct?
Your description of that is correct. The only thing I can see is that the remote mail server is trying to generate the NDRs without fully realising that the sender's mailbox doesn't exist there. Obviously the generated NDR will then bounce. If that is indeed the case, there isn't really a way to prevent it.
May I add a thought? Why use NDRs anyway?

If a legitimate sender can't seem to get through, they will call. And this is what, 1% of NDR-type situations?

99% it's a spam sender, and by responding to them you only make things worse. Now they know there's an active email server behind that MX record they crawled from your ISP. They also know you're running Exchange server AND the exact version.

My humble opinion: disable NDRs altogether.
Disabling NDRs is a big no-no. As per the SMTP RFCs (which basically define how the SMTP protocol functions), any mail server which does not send an NDR to a sender if their message cannot be delivered is breaching these regulations. Any breach of them, particularly in today's environment, could quickly end up in a server being blacklisted, and this will cause more problems than the odd email loop will cause.

-tigermatt
Hi Wizzad,

All thoughts are welcome :)

We did discuss disabling NDRs when this issue happened the first time; however, it was decided against because of the fact that a legitimate sender would not be notified that their email didn't get through.

Thinking about it now though, in that situation, their Exchange would notify them that it was unable to pass the email through to us. Is my thinking correct?
SOLUTION
This solution is only available to members.
wizzad, I completely agree with you, and in fact, I have NDRs disabled on my private Exchange Server. I've not been blacklisted as a result, but I would rather not, on a public site such as this, give inaccurate advice which other people may follow and could cause them even more headaches in the future. Further, in a business environment, the sending of an NDR could be the difference between a multi-million dollar contract and nothing... if you get what I'm saying! :-)

If you want clarification that disabling NDRs is a bad thing, check out the comment from Sembee (our top Exchange expert) in question http:Q_23223513.html#a21072601.

Thank you for participating in this thread, and please feel free to continue posting your comments.

Anyway, back to DorisOnline's question. If you have correctly enabled the Recipient Filtering option, then should a recipient not exist at your domain, Exchange will reject the message. As a result, no NDR is generated by your mail server, and it is up to the sender's server to generate the NDR. In this case, the only time NDRs will be used is if a recipient's mailbox actually exists at your domain, but there is a problem delivering mail to it - perhaps it is over its quota, for example.

You can check if recipient filtering is working by doing a spam test as per http://www.amset.info/exchange/spam-cleanup.asp. In step 10, provide a fake email address and then you should get the "Unable to relay" message as per the article.

-tigermatt
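
The recipient-filtering check described in the post above, as an added example that is not part of the original thread: it offers the server one random, nonexistent recipient and reports whether the address is refused inside the SMTP session (so your server generates no NDR) or accepted (so an NDR will follow later). The function names, the HELO name and the command-line values are assumptions made for this illustration.

```python
import smtplib
import sys
import uuid


def classify_rcpt(code):
    """Interpret the reply to RCPT TO for a mailbox known not to exist."""
    if 500 <= code <= 599:
        # Refused inside the SMTP session: the receiving server generates
        # no NDR, so it cannot feed a bounce loop for unknown recipients.
        return "rejected-in-session"
    if 400 <= code <= 499:
        return "deferred"  # temporary failure: retest later
    if 200 <= code <= 299:
        # Accepted: the server now has to bounce with an NDR of its own.
        return "accepted"
    return "unexpected"


def probe(host, domain, sender, port=25, timeout=15):
    """Offer one random, nonexistent recipient and report the server's reply."""
    bogus = "no-such-user-%s@%s" % (uuid.uuid4().hex[:12], domain)
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo("filter-check.example")  # constructed HELO name
        code, reply = smtp.mail(sender)
        if code != 250:
            text = reply.decode(errors="replace")
            return bogus, code, text, "mail-from-refused"
        code, reply = smtp.rcpt(bogus)
        smtp.rset()  # abandon the transaction: no message is ever sent
    return bogus, code, reply.decode(errors="replace"), classify_rcpt(code)


if __name__ == "__main__":
    # Placeholder usage:
    #   python rcpt_check.py mail.example.com example.com tester@example.net
    if len(sys.argv) != 4:
        sys.exit("usage: rcpt_check.py HOST DOMAIN SENDER")
    address, code, text, verdict = probe(*sys.argv[1:4])
    print("%s -> %d %s [%s]" % (address, code, text, verdict))
```

Run it against your own server from a host outside your organization, so the connection looks like the one a remote sender would make.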
ASKER CERTIFIED SOLUTION
This solution is only available to members.